Like I mentioned in the bugreport, the bug not only applies to header values (referer) but also to the path.Generally speaking: all strings supplied by the client which can have a " or other characters that could confuse accesslog parsers.